GHSA-qw8w-2xcp-xg59

Suggest an improvement
Source
https://github.com/advisories/GHSA-qw8w-2xcp-xg59
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-qw8w-2xcp-xg59/GHSA-qw8w-2xcp-xg59.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-qw8w-2xcp-xg59
Aliases
  • CVE-2014-1832
Published
2018-10-10T17:29:27Z
Modified
2023-11-01T04:45:31.343221Z
Summary
Insecure use of temporary files in Phusion passenger
Details

Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.

Database specific
{
    "nvd_published_at": "2015-02-19T15:59:04Z",
    "cwe_ids": [],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:52:59Z"
}
References

Affected packages

RubyGems / passenger

Package

Name
passenger
Purl
pkg:gem/passenger

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.37
Fixed
4.0.38

Affected versions

4.*

4.0.37